Neat Bank of America site security feature doesn't do anything !

If you use the Bank of America online banking site  you've seen what they call the 'Site Identity' feature that is supposed to save you from being phished:

"...  online banking customers are asked to select an image, like a dog or chess piece, that they will see every time they log in to their account.

The idea is that if customers do not see their image, they could be at a fraudulent Web site, dummied up to look like their bank’s, and should not enter their passwords." (from NYT)

Well I use it (and, hmm, my image is a chess piece!) and it seemed like a reasonable idea. But not according to this study:

"The premise is that site-authentication images increase security because customers will not enter their passwords if they do not see the correct image,” said Stuart Schechter, a computer scientist at the M.I.T. Lincoln Laboratory. “From the study we learned that the premise is right less than 10 percent of the time.”

"He added: “If a bank were to ask me if they should deploy it, I would say no, wait for something better,” he said."  (from NYT)

Oh well... Read the whole article!

Posted on February 5, 2007 and filed under Life, Technology.